On Monday 14 April 2008 at 23:42:43 Herbert Furting wrote: > If the new UID just contains a new email address, you should really > check if the keyholder "controlls" that email address. > You can do so, by sending him an encrypted challenge.
Ah, thanks, that makes sense. And then I can sign his new UIDs too? Or just
change their trust level?
> > I was under the impression that the trust would be inferred automatically
> > by gpg, according to the trust rules
> > ("completes-needed", "marginals-needed", "max-cert-depth").
> > For example, in this case, I have trusted his key fully, and he has
> > signed his UID, which is one complete link (or two from my own key),
> > right? If not, what is the purpose of these parameters?
>
> First of all,... you don't sign a key,.. you sign the UID for a key.
>
> The trust stuff is there to let you recognize other keys as valid,...
> that your directly signed people signed them self.
> e.g. If you trust Bill, who signed Joe,.. you might (depending on which
> trust, and your settings) consider Joe's signatures to,... and even
> trust him ;)
Thanks, this is helpful. So, if I have to set the trust of other keys myself
in order to recognise them as valid, what is the function of
the "completes-needed", "marginals-needed" and "max-cert-depth" options in my
gpg.conf file?
Thanks again!
Pete.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
